Phishing: A Main Concern for Enterprise Security

IT leaders have an array of considerations they must factor into company security planning, not the least of which include the most current threats. Armed with knowledge about the most pressing IT protection pain points, administrators can work proactively to ensure their organization's mission-critical technological assets are protected.

Survey reveals a focus on phishing

The Black Hat Attendee Survey included a total of 580 cybersecurity professionals, providing an comprehensive look at the industry's top concerns. Researchers discovered that 50 percent of all IT leaders are most worried about the threat of phishing, social networking exploits and other forms of social engineering being used in attacks against their businesses. This represents a 4 percent increase compared to 2016, making phishing one of the most prevalent threats to enterprise security.

Concerns about phishing and social engineering were a common theme throughout the survey results, which also found:

35 percent of respondents identified phishing as the most time-consuming threat – a 10 percent increase compared with last year. This tied with accurately measuring the company's current security posture and level of risk.

38 percent of companies cited end users being fooled by phishing and social engineering attacks as the weakest link in overall IT security.

19 percent rated social engineering and phishing as the most serious cyber threat to emerge within the past year, coming second only to the rise in ransomware.

Even more worrisome is the fact that phishing represents the starting point for an array of serious potential cyber attack strategies. Not only could a phishing email contain a traditional malicious link or attachment, phishing messages can also lay the foundation for ransomware infections, business email compromise and highly advanced, targeted attacks.

Rising concerns signal need for increased security

Increasing attention being paid to the threat of phishing and social engineering attacks translates to specific insights for security leaders, including the need for more sophisticated protections against these types of threats.

In order to effectively combat phishing messaging designed to appear legitimate, enterprises require an advanced solution that goes beyond traditional anti-spam. Security leaders should seek out technologies that offer protections specifically against socially engineered attacks, as well as those with the ability to sandbox any suspicious messages and attachments being sent to enterprise users. Solutions that provide machine learning protection are also advantageous, and can help guard against phishing messages that don't include malicious payloads, but still pose a threat.

Trend Micro offers several solutions to suit these needs, including InterScan Messaging Security, an on-premise gateway that guards against spam and targeted email attacks. Enterprise users can take advantage of ScanMail Suite for IBM Domino or Microsoft Exchange, designed specifically to pinpoint and protect against phishing on these email platforms. Trend Micro's Hosted Email Security, available as a hosted or cloud option, can further safeguard Microsoft, Google or other on-premise or hosted email platforms.